/tmp

Scott C. Ripley scott-VK/PCEBaDz+N9aS15agKxg at public.gmane.org
Fri May 26 01:05:11 UTC 2006


the culprit appears to be an instance of "horde" that i installed (to play 
with) a while ago:

reference to similar issue:
  http://jwulf.livejournal.comb/18128.html

Scott

P.S.

with the nasty HTTP requests attached... (not that anyone is necessarily 
interested!)



On Thursday 25 May 2006 20:23, Madison Kelly wrote:
> Scott C. Ripley wrote:
> > hey all,
> >
> > anyone get hassled by:
> >   - some web app is able to write to /tmp as nobody
> >   - able to run file as nobody user (say via perl) even with noexec on
> > the partition  (because perl simply reads/executes the file in /tmp)
> >
> > some googling suggests it's going around... with suggestions like:
> >   - have separate /tmp partition  (with noexec option on partition)
> >   - disable certain PHP functions (via php.ini)
> >   - (keep all your installed webapps patched/updated/etc.)
> >   - etc.
> >
> > still a pain though... if anybody has a sure fire way to fight this...
> > let me know?
> >
> > thanks,
> >
> > Scott
>
> We just had something like this on a couple of our production servers.
> Specifically, some twerp was able to run a command that told wget to
> grab some data and establish some telnet connections (or try at least).
> These were *BSD machines...
>
> I found that the 'httpd' had a crontab entry set to respawn a service
> every minute, too. My boss updated Apache and a couple of other programs
> (inc. a webmail app) and that seems to have stemmed the tide.
>
> Madison
>
> PS - If details will help I will talk to my boss tomorrow.
> --
> The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml

-- 
Scott C. Ripley                             Tel: 01.416.738.6357
Deucalion Technologies              Fax: 01.416.201.8922
614A The Queensway                  http://www.scottripley.com
Etobicoke, ON, M8Y 1K1              mailto:scott at scottripley.com
CANADA



-------------- next part --------------
A non-text attachment was scrubbed...
Name: requests.log
Type: text/x-log
Size: 2731 bytes
Desc: not available
URL: <http://gtalug.org/pipermail/legacy/attachments/20060525/65d2ef64/attachment.bin>
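
The two symptoms described in this thread (script files written to /tmp by the web server account and run through an interpreter despite noexec, and a crontab entry under that account) can be triaged with a short script. This is an added example, not code from any poster; the function names scan_tmp and active_cron_lines are made up for illustration, and the shebang/PHP-tag check is a heuristic that misses scripts carrying neither marker.

```shell
#!/bin/sh
# Added triage example (not from the thread).
# noexec only blocks execve() on the file itself; "perl /tmp/x" needs read
# access only, so files are judged by content, not by their exec bit.

# scan_tmp DIR [OWNER]
# Prints each regular file under DIR whose first line is a shebang or a PHP
# open tag. With OWNER (e.g. nobody), only files owned by that account.
scan_tmp() {
    dir=$1
    owner=${2:-}
    set -- "$dir" -xdev -type f
    if [ -n "$owner" ]; then
        set -- "$@" -user "$owner"
    fi
    # -exec ... {} + passes names as arguments, so odd file names are safe.
    find "$@" -exec sh -c '
        for f in "$@"; do
            # Bounded read; strip NUL bytes so binaries do not upset the shell.
            first=$(head -c 256 "$f" 2>/dev/null | tr -d "\000" | head -n 1)
            case $first in
                "#!"*|"<?php"*) printf "%s\n" "$f" ;;
            esac
        done' sh {} + 2>/dev/null
}

# active_cron_lines
# Filters a crontab on stdin down to the lines that schedule a command
# (drops blank lines, comments and VAR=value settings).
# As root: crontab -u nobody -l | active_cron_lines
active_cron_lines() {
    grep -Ev '^[[:space:]]*(#|$|[A-Za-z_][A-Za-z0-9_]*[[:space:]]*=)'
}

# Run as: sh thisfile /tmp nobody
if [ "$#" -gt 0 ]; then
    scan_tmp "$@"
fi
```

Anything scan_tmp lists for the web server account, and any line active_cron_lines prints for an account that should have no crontab, is worth inspecting by hand.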

